youngkingdom/dify
1
0
Fork 0
mirror of https://github.com/langgenius/dify.git synced 2026-05-05 09:58:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: update webapp jwt claim and add user accessibility support

Browse Source
This commit is contained in:
GareArc
2025-04-07 18:41:02 -04:00
parent 46d43e6758
commit 5e50570739
2 changed files with 56 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
api/controllers/web/login.py
View File

@ -5,6 +5,7 @@ from flask import request
from flask_restful import Resource, reqparse
from jwt import InvalidTokenError # type: ignore
from web import api
from werkzeug.exceptions import BadRequest
import services
from controllers.console.auth.error import (EmailCodeError,
@ -16,7 +17,7 @@ from libs.helper import email
from libs.password import valid_password
from models.account import Account
from services.account_service import AccountService
from services.webapp_auth_service import Unauthorized, WebAppAuthService
from services.webapp_auth_service import WebAppAuthService
class LoginApi(Resource):
@ -31,7 +32,7 @@ class LoginApi(Resource):
app_code = request.headers.get("X-App-Code")
if app_code is None:
raise Unauthorized("X-App-Code header is missing.")
raise BadRequest("X-App-Code header is missing.")
try:
account = WebAppAuthService.authenticate(args["email"], args["password"])
@ -42,7 +43,11 @@ class LoginApi(Resource):
except services.errors.account.AccountNotFoundError:
raise AccountNotFound()
token = WebAppAuthService.login(account=account, app_code=app_code)
WebAppAuthService._validate_user_accessibility(account=account, app_code=app_code)
end_user = WebAppAuthService.create_end_user(email=args["email"], app_code=app_code)
token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
return {"result": "success", "token": token}
@ -90,7 +95,7 @@ class EmailCodeLoginApi(Resource):
user_email = args["email"]
app_code = request.headers.get("X-App-Code")
if app_code is None:
raise Unauthorized("X-App-Code header is missing.")
raise BadRequest("X-App-Code header is missing.")
token_data = WebAppAuthService.get_email_code_login_data(args["token"])
if token_data is None:
@ -107,7 +112,11 @@ class EmailCodeLoginApi(Resource):
if not account:
raise AccountNotFound()
token = WebAppAuthService.login(account=account, app_code=app_code)
WebAppAuthService._validate_user_accessibility(account=account, app_code=app_code)
end_user = WebAppAuthService.create_end_user(email=user_email, app_code=app_code)
token = WebAppAuthService.login(account=account, app_code=app_code, end_user_id=end_user.id)
AccountService.reset_login_error_rate_limit(args["email"])
return {"result": "success", "token": token}